CheckForbidden checks if the error is the internal Postgres database row-level security policy violation exception or a permission denied exception due to insufficient grants and returns ErrForbidden.

IsOtherThanErrForbidden returns true if the error is present and is not ErrForbidden.

Cookies are not sent on normal cross-site subrequests (for example to load images or frames into a third party site), but are sent when a user is navigating to the origin site (i.e., when following a link).

Cookies will be sent in all contexts, i.e.

Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.

Session is the user cookie session stored.

SessionCookie is the session cookie and it matches the SessionCookie in graphql/src/session.ts@SessionCookie.

SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context.